ORA-07445 when enabling Unified Auditing with Oracle Database 12.2 - oracle

When enabling the Unified Auditing policies below in Oracle Database 12.2, a generic ORA-07445 error appears in v$alert_log and ORA-03114 occurs for each new log-on.
ORA-07445: exception encountered: core dump [kxes_evaopn2_setup_rpiswu_args()+73] [SIGSEGV] [ADDR:0x218] [PC:0x2DCCFA9] [Address not mapped to object] [].
ORA-03114: not connected to ORACLE.
This bug happens consistently on three tested 12.2 databases.
However, the error does not happen if the UPPER function calls in the WHEN clause are removed. Could this be a bug in 12.2? Also, I am wondering whether removing the UPPER function calls is a valid workaround.
-- create policies
CREATE AUDIT POLICY sox_audit_ddl
ACTIONS
CREATE ASSEMBLY,
CREATE AUDIT POLICY,
CREATE CLUSTER,
CREATE CONTEXT,
CREATE DATABASE LINK,
CREATE DIMENSION,
CREATE DIRECTORY,
CREATE DISK GROUP,
CREATE EDITION,
CREATE FLASHBACK ARCHIVE,
CREATE FUNCTION,
CREATE INDEX,
CREATE INDEXTYPE,
CREATE JAVA,
CREATE LIBRARY,
CREATE MATERIALIZED VIEW ,
CREATE MATERIALIZED VIEW LOG,
CREATE MATERIALIZED ZONEMAP,
CREATE OPERATOR,
CREATE OUTLINE,
CREATE PACKAGE,
CREATE PACKAGE BODY,
CREATE PFILE,
CREATE PLUGGABLE DATABASE,
CREATE PROCEDURE,
CREATE PROFILE,
CREATE RESTORE POINT,
CREATE ROLE,
CREATE ROLLBACK SEGMENT,
CREATE SCHEMA,
CREATE SCHEMA SYNONYM,
CREATE SEQUENCE,
CREATE SPFILE,
CREATE SYNONYM,
CREATE TABLE,
CREATE TABLESPACE,
CREATE TRIGGER,
CREATE TYPE,
CREATE TYPE BODY,
CREATE USER,
CREATE VIEW,
ALTER ASSEMBLY,
ALTER AUDIT POLICY,
ALTER CLUSTER,
ALTER DATABASE,
ALTER DATABASE LINK,
ALTER DIMENSION,
ALTER DISK GROUP,
ALTER FLASHBACK ARCHIVE,
ALTER FUNCTION,
ALTER INDEX,
ALTER INDEXTYPE,
ALTER JAVA,
ALTER LIBRARY,
ALTER MATERIALIZED VIEW ,
ALTER MATERIALIZED VIEW LOG,
ALTER MATERIALIZED ZONEMAP,
ALTER OPERATOR,
ALTER OUTLINE,
ALTER PACKAGE,
ALTER PACKAGE BODY,
ALTER PLUGGABLE DATABASE,
ALTER PROCEDURE,
ALTER PROFILE,
ALTER RESOURCE COST,
ALTER ROLE,
ALTER ROLLBACK SEGMENT,
ALTER SEQUENCE,
ALTER SESSION,
ALTER SYNONYM,
ALTER SYSTEM,
ALTER TABLE,
ALTER TRIGGER,
ALTER TYPE,
ALTER TYPE BODY,
ALTER USER,
ALTER VIEW,
TRUNCATE CLUSTER,
TRUNCATE TABLE,
RENAME,
DROP ASSEMBLY,
DROP AUDIT POLICY,
DROP CLUSTER,
DROP CONTEXT,
DROP DATABASE LINK,
DROP DIMENSION,
DROP DIRECTORY,
DROP DISK GROUP,
DROP EDITION,
DROP FLASHBACK ARCHIVE,
DROP FUNCTION,
DROP INDEX,
DROP INDEXTYPE,
DROP JAVA,
DROP LIBRARY,
DROP MATERIALIZED VIEW ,
DROP MATERIALIZED VIEW LOG,
DROP MATERIALIZED ZONEMAP,
DROP OPERATOR,
DROP OUTLINE,
DROP PACKAGE,
DROP PACKAGE BODY,
DROP PLUGGABLE DATABASE,
DROP PROCEDURE,
DROP PROFILE,
DROP RESTORE POINT,
DROP ROLE,
DROP ROLLBACK SEGMENT,
DROP SCHEMA SYNONYM,
DROP SEQUENCE,
DROP SYNONYM,
DROP TABLE,
DROP TABLESPACE,
DROP TRIGGER,
DROP TYPE,
DROP TYPE BODY,
DROP USER,
DROP VIEW
WHEN
'UPPER(SYS_CONTEXT(''USERENV'', ''SESSION_USER'')) IN (''USER_A'', ''USER_B'') AND UPPER(SYS_CONTEXT(''USERENV'', ''OS_USER'')) != ''ORACLE'''
EVALUATE PER SESSION;
CREATE AUDIT POLICY sox_audit_dml
ACTIONS
INSERT,
UPDATE,
DELETE
WHEN
'UPPER(SYS_CONTEXT(''USERENV'', ''SESSION_USER'')) IN (''USER_A'', ''USER_B'') AND UPPER(SYS_CONTEXT(''USERENV'', ''OS_USER'')) != ''ORACLE'''
EVALUATE PER SESSION;
CREATE AUDIT POLICY sox_audit_tcl
ACTIONS
COMMIT,
ROLLBACK
WHEN
'UPPER(SYS_CONTEXT(''USERENV'', ''SESSION_USER'')) IN (''USER_A'', ''USER_B'') AND UPPER(SYS_CONTEXT(''USERENV'', ''OS_USER'')) != ''ORACLE'''
EVALUATE PER SESSION;
CREATE AUDIT POLICY sox_audit_dcl
ACTIONS
GRANT,
REVOKE
WHEN
'UPPER(SYS_CONTEXT(''USERENV'', ''SESSION_USER'')) IN (''USER_A'', ''USER_B'') AND UPPER(SYS_CONTEXT(''USERENV'', ''OS_USER'')) != ''ORACLE'''
EVALUATE PER SESSION;
CREATE AUDIT POLICY sox_audit_misc
ACTIONS
ANALYZE CLUSTER,
ANALYZE INDEX,
ANALYZE TABLE,
ASSOCIATE STATISTICS,
AUDIT,
CHANGE PASSWORD,
COMMENT,
DISASSOCIATE STATISTICS,
EXECUTE,
FLASHBACK TABLE,
LOCK TABLE,
LOGOFF,
LOGON,
NOAUDIT,
PURGE INDEX,
PURGE TABLE,
PURGE TABLESPACE,
SET ROLE,
SET TRANSACTION
WHEN
'UPPER(SYS_CONTEXT(''USERENV'', ''SESSION_USER'')) IN (''USER_A'', ''USER_B'') AND UPPER(SYS_CONTEXT(''USERENV'', ''OS_USER'')) != ''ORACLE'''
EVALUATE PER SESSION;
-- enable policies
AUDIT POLICY sox_audit_ddl;
AUDIT POLICY sox_audit_dml;
AUDIT POLICY sox_audit_tcl;
AUDIT POLICY sox_audit_dcl;
AUDIT POLICY sox_audit_misc;
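
The following is an added example, not part of the original question: it recreates one of the policies above without UPPER, as the question describes, and then checks what the database stored and recorded. The lowercase 'oracle' literal is an assumption about how the OS account is reported; use the value returned by the first query.

```sql
-- Added example (not the poster's code). Run as a user with the AUDIT_ADMIN role.

-- 1. See the exact strings the WHEN clause compares. Without UPPER the
--    comparison is case-sensitive, so the literals must match these values.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS db_user,
       SYS_CONTEXT('USERENV', 'OS_USER')      AS os_user
FROM   dual;

-- 2. A policy must be disabled before it can be dropped and recreated.
NOAUDIT POLICY sox_audit_dml;
DROP AUDIT POLICY sox_audit_dml;

-- ASSUMPTION: the OS account is reported as lowercase 'oracle'.
-- If the literal's case is wrong, that account is no longer excluded.
CREATE AUDIT POLICY sox_audit_dml
  ACTIONS INSERT, UPDATE, DELETE
  WHEN 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') IN (''USER_A'', ''USER_B'') AND SYS_CONTEXT(''USERENV'', ''OS_USER'') != ''oracle'''
  EVALUATE PER SESSION;

AUDIT POLICY sox_audit_dml;

-- 3. Confirm the stored condition and that the policy is enabled.
--    AUDIT_UNIFIED_POLICIES has one row per audited action, hence DISTINCT.
SELECT DISTINCT policy_name, audit_condition, condition_eval_opt
FROM   audit_unified_policies
WHERE  policy_name = 'SOX_AUDIT_DML';

SELECT policy_name, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'SOX_AUDIT_DML';

-- 4. After a test INSERT by USER_A in a new session, check for a record.
SELECT event_timestamp, dbusername, os_username, action_name
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%SOX_AUDIT_DML%'
ORDER  BY event_timestamp DESC
FETCH FIRST 20 ROWS ONLY;
```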

Related

How to create Oracle event trigger that will log table creations

I am trying to write a trigger that fires after user creates a new table, and logs the creation of table into an audit table.
I have the below starter code:
CREATE OR REPLACE TRIGGER create_table_trigger
AFTER CREATE
ON SCHEMA
BEGIN
INSERT INTO TABS_MODS (ID,ACTION) VALUES (1, 'CREATE TAB');
END;
TABS_MODS is a global temporary table like below:
CREATE GLOBAL TEMPORARY TABLE TABS_MODS (
id NUMBER,
action VARCHAR2(20)
) ON COMMIT PRESERVE ROWS;
But on creating table I am not seeing anything in the TABS_MODS table.
Use Oracle's built-in auditing features to do this. Audit the "CREATE TABLE" and "CREATE ANY TABLE" privileges. You didn't specify which version of Oracle you're using, but you can start here and search for more version-specific examples if you need them: https://docs.oracle.com/database/121/DBSEG/auditing.htm

oracle flashback feature for tables of a specific user in a database

I am trying to implement a flashback feature in Oracle 11g. I have successfully implemented it, but it is not restricted to a single user; instead, whenever I restore a flashback it affects all the tables/views for all the users. Is there some way to restrict the restoration to a particular user and avoid the rest?
Example: I have a database "db" and there are 4 users "a,b,c,d" now, I want to restore the flashback such that it only affects user "a"?
Use the command FLASHBACK TABLE instead of FLASHBACK DATABASE to only affect specific tables.
For example:
create table table1(a number) enable row movement;
create table table2(a number) enable row movement;
--Wait one second.
flashback table jheller.table1, jheller.table2 to timestamp systimestamp - interval '1' second;
Keep in mind that table flashback uses UNDO, while database flashback uses flashback logs. Table flashback depends on UNDO retention and is more picky about things like DDL.

How could I prevent a user from querying SELECT on other schemas in Oracle?

I'm using Oracle 11g(11.2.0.1.0). I created about 20 tablespaces and users. And the data came by [Tools] - [Database Copy] on Oracle SQL Developer.
Somehow I found that a user is using SELECT query on the table from another schema. I want to prevent it for security. How should I change my grant options?
I read "Oracle Database Security Guide 11g Release 2(11.2)", but couldn't find the solution clearly.
Here are my creating and granting queries.
create user [USER_NAME]
identified by [PASSWORD]
default tablespace [TABLESPACE_NAME]
temporary tablespace TEMP;
grant create session,
create database link,
create materialized view,
create procedure,
create public synonym,
create role,
create sequence,
create synonym,
create table,
drop any table,
create trigger,
create type,
create view to [USER_NAME];
alter user [USER_NAME] quota unlimited on [TABLESPACE_NAME];
And here is the SELECT result of session_privs on a user.
SQL> SELECT * FROM session_privs;
PRIVILEGE
--------------------------------------------------------------------------------
CREATE SESSION
CREATE TABLE
DROP ANY TABLE
CREATE SYNONYM
CREATE PUBLIC SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE ROLE
CREATE PROCEDURE
CREATE TRIGGER
PRIVILEGE
--------------------------------------------------------------------------------
CREATE MATERIALIZED VIEW
CREATE TYPE
13 rows selected.
I want to prevent a user from querying SELECT on other schemas.
For example, the following query
-- connected with USER1
SELECT *
FROM USER2.table1;
should make an error like:
ERROR: USER1 doesn't have SELECT privilege on USER2.
Edited:
Use appropriate terms (changed some words from tablespace to schema)
Add SELECT result of session_privs on a user
Add the method of how the data came by.
It was my fault. I missed that I had added some roles.
To copy data using Oracle SQL Developer, I added predefined roles to users. The roles were exp_full_database and imp_full_database.
According to Oracle Database Security Guide: Configuring Privilege and Role Authorization, exp_full_database contains these privileges:
SELECT ANY TABLE
BACKUP ANY TABLE
EXECUTE ANY PROCEDURE
EXECUTE ANY TYPE
ADMINISTER RESOURCE MANAGER
INSERT, DELETE, UPDATE ON SYS.INCVID, SYS.INCFIL AND SYS.INCEXP
and roles:
EXECUTE_CATALOG_ROLE
SELECT_CATALOG_ROLE
Those roles are not required now. So the answer is removing them from users.
REVOKE exp_full_database, imp_full_database FROM USER1;
And I get the result I wanted.
-- connected with USER1
SELECT * FROM USER2.TABLE1;
ERROR at line 1:
ORA-01031: insufficient privileges
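
A check for the same situation across all accounts, added here as an example that is not part of the original answer: it lists who holds the two roles named above and every role path by which a user ends up with SELECT ANY TABLE. It assumes access to the DBA_ dictionary views.

```sql
-- Added example (not the poster's code). Requires SELECT on the DBA_ views.

-- 1. Accounts that were granted the export/import roles directly.
SELECT grantee, granted_role, default_role
FROM   dba_role_privs
WHERE  granted_role IN ('EXP_FULL_DATABASE', 'IMP_FULL_DATABASE')
ORDER  BY grantee, granted_role;

-- 2. Every grant path from a user to SELECT ANY TABLE, whether granted
--    directly or inherited through one or more nested roles.
WITH grants AS (
  SELECT grantee, granted_role AS granted, 'ROLE' AS kind
  FROM   dba_role_privs
  UNION ALL
  SELECT grantee, privilege, 'SYSPRIV'
  FROM   dba_sys_privs
)
SELECT CONNECT_BY_ROOT grantee             AS username,
       SYS_CONNECT_BY_PATH(granted, ' > ') AS grant_path
FROM   grants
WHERE  kind = 'SYSPRIV'
AND    granted = 'SELECT ANY TABLE'
START  WITH grantee IN (SELECT username FROM dba_users)
CONNECT BY PRIOR granted = grantee
       AND PRIOR kind = 'ROLE'
ORDER  BY username, grant_path;
```

A row such as `USER1 | > EXP_FULL_DATABASE > SELECT ANY TABLE` shows the inherited path the answer describes; after the REVOKE that row should no longer be returned.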

Audit on dropped and recreate table

I have a table that is dropped every day and then recreated.
I executed some audit actions on that table (select, update, delete, insert, all).
Now I want to use the noaudit command to disable audit, but the table is already dropped, so I get an object does not exist exception.
When this table is recreated, will the audit work on it?
I have version oracle 11g.
Thanks.

Oracle 12c - drop table and all associated partitions

I created table t1 in Oracle 12c.
Table has data and it is partitioned on list partition and also has subpartitions.
Now I want to delete whole table and all associated partitions (and subpartitions).
Is this the right command to delete all?
DROP TABLE t1 PURGE;
The syntax is right but not preferable; just drop without PURGE so that you can get the table back whenever you need it, if your flashback option is enabled. If your database's flashback option is in charge, you could issue this command (provided you don't use PURGE):
SQL> DROP TABLE T1;
SQL> FLASHBACK TABLE T1 TO BEFORE DROP RENAME TO T1_ver_2;
When you run DROP then the table is removed entirely from database, i.e. the table does not exist anymore.
If you just want to remove all data from that table run
truncate table T1 drop storage;
You can also truncate single (sub-)partition if required.
